Category: ISC

What links and PDFs can I use to prepare for the CCNA 200-125 certification? The Certified Information Systems Security Professional (CISSP) exam is a 2629-question assessment in Pass4itsure that is associated with the ISC certification. Pass4itsure offers the most reliable CISSP dumps exam guide for the ISC certification, with accurate answers on YouTube. “Certified Information Systems Security Professional” is the exam name of the Pass4itsure ISC CISSP dumps test, which is designed to help candidates prepare for and pass the ISC CISSP exam. If you feel nervous while testing, you can practice many times with the https://www.pass4itsure.com/cissp.html dumps PDF version and the reliable online practice exam VCE; you will get used to the feel of the exam, build strong psychological resilience, and finally get over examination phobia.

QUESTION 3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Correct Answer: C
Explanation/Reference:
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third-party authentication protocol. It was designed and developed in the mid 1980s by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user’s secret keys. The password is used to encrypt and decrypt the keys.
The following answers are incorrect:
It utilizes public key cryptography. This is incorrect because Kerberos depends on secret keys (symmetric ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. This is incorrect because the passwords are not exchanged; they are used to encrypt and decrypt the keys.
It is a second party authentication system. This is incorrect because Kerberos is a third-party authentication system: you authenticate to the third party (Kerberos) and not to the system you are accessing.

QUESTION 4
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Correct Answer: A
Explanation/Reference:
Accountability is a means of being able to track user actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed. Accountability is the ability to identify users and to be able to track their actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. This is incorrect because the Common Criteria is an international standard for evaluating trust and would not be a factor in System Accountability.
Authorization. This is incorrect because authorization is granting access to subjects; just because a subject has authorization does not hold the subject accountable for their actions.
Formal verification of system design. This is incorrect because all you have done is verify the system design; you have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)

QUESTION 5
What is Kerberos?
A. A three-headed dog from Egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
Correct Answer: B
Explanation/Reference:
B is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. This is incorrect because we are dealing with information security, and in any case the three-headed dog comes from Greek mythology, not Egyptian mythology.
A security model. This is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. This is incorrect because Kerberos is not a remote authentication dial in user server; that would be called RADIUS.

QUESTION 6
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
Correct Answer: B
Explanation/Reference:
Kerberos depends on Secret Keys or Symmetric Key cryptography.
Kerberos is a third-party authentication protocol. It was designed and developed in the mid 1980s by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user’s secret keys. The password is used to encrypt and decrypt the keys.
This question asked specifically about encryption methods. Encryption methods can be SYMMETRIC (or secret key), in which the encryption and decryption keys are the same, or ASYMMETRIC (aka ‘Public Key’), in which the encryption and decryption keys differ. ‘Public Key’ methods must be asymmetric, to the extent that the decryption key CANNOT be easily derived from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they lend themselves to encrypting large amounts of data. Asymmetric encryption is often limited to ONLY encrypting a symmetric key and other information that is needed in order to decrypt a data stream, and the remainder of the encrypted data uses the symmetric key method for performance reasons. This does not in any way diminish the security nor the ability to use a public key to encrypt the data, since the symmetric key method is likely to be even MORE secure than the asymmetric method. For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed-length block is encrypted, and STREAM CIPHERS, in which the data is encrypted one ‘data unit’ (typically 1 byte) at a time, in the same order it was received.
The following answers are incorrect:
Public Key cryptography. This is incorrect because Kerberos depends on Secret Keys or Symmetric Key cryptography and not Public Key or Asymmetric Key cryptography.
El Gamal cryptography. This is incorrect because El Gamal is an Asymmetric Key encryption algorithm.
Blowfish cryptography. This is incorrect because Blowfish is a Symmetric Key encryption algorithm.
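The explanations for questions 3, 5 and 6 all rest on the same mechanics: a trusted third party (the KDC) shares a symmetric secret with every principal, the user's password is never sent across the network but only used to derive that secret, and a ticket is sealed under the service's key so the client can neither read nor forge it. The Python script below is an added example (not code from the original page, from MIT Kerberos, or from the exam vendor) that walks through a minimal AS exchange and a service-side ticket check. It assumes a stand-in authenticated cipher built from HMAC-SHA256 in place of the AES-based Kerberos encryption types, PBKDF2 in place of the Kerberos string-to-key function, and constructed principal names, keys and timestamps.

```python
import hashlib
import hmac
import json
import secrets
import struct


def string_to_key(password: str, salt: str) -> bytes:
    # Stand-in for the Kerberos string-to-key function (assumption): the long-term
    # key is derived from the password on both sides; the password never travels.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; a toy stand-in for an AES etype.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", counter), "sha256").digest()
    return out[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under a symmetric key with a fresh nonce."""
    plaintext = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Check the tag before decrypting: a wrong key (wrong password) fails here."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


class KDC:
    """The trusted third party: one symmetric key per principal, users and services alike."""

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}

    def register_user(self, name: str, password: str) -> None:
        self.keys[name] = string_to_key(password, salt=name)

    def register_service(self, name: str) -> None:
        self.keys[name] = secrets.token_bytes(32)

    def as_exchange(self, client: str, service: str) -> tuple[bytes, bytes]:
        """AS-REQ carries only the client's name; AS-REP returns two sealed parts."""
        session_key = secrets.token_bytes(32).hex()
        # Part the client can open: sealed under the client's long-term (password-derived) key.
        enc_part = seal(self.keys[client], {"session_key": session_key, "service": service})
        # The ticket: sealed under the service's key, so it is opaque to the client.
        ticket = seal(self.keys[service], {"client": client, "session_key": session_key})
        return enc_part, ticket


def client_login(client: str, password: str, enc_part: bytes) -> bytes:
    """Client side: derive the key locally and recover the session key from the reply."""
    return bytes.fromhex(unseal(string_to_key(password, salt=client), enc_part)["session_key"])


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    """Service side: open the ticket with its own key, then open the authenticator with the
    session key found inside, and require both to name the same client."""
    try:
        t = unseal(service_key, ticket)
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    except ValueError:
        return False
    return a["client"] == t["client"]


def run_demo(password_typed: str) -> bool:
    """Whole flow for the constructed user 'alice' and the constructed service 'fileserver'."""
    kdc = KDC()
    kdc.register_user("alice", "correct horse battery staple")
    kdc.register_service("fileserver")
    enc_part, ticket = kdc.as_exchange("alice", "fileserver")
    try:
        session_key = client_login("alice", password_typed, enc_part)
    except ValueError:
        return False  # wrong password: the reply is unusable, and the password was never sent
    authenticator = seal(session_key, {"client": "alice", "timestamp": 1700000000})
    return service_accepts(kdc.keys["fileserver"], ticket, authenticator)


if __name__ == "__main__":
    print("correct password:", run_demo("correct horse battery staple"))
    print("wrong password:  ", run_demo("hunter2"))
```

Running it prints True for the correct password and False for a wrong one; the wrong-password case fails at the integrity check on the client side, which is why the password itself never has to leave the client. A real deployment also checks the authenticator's timestamp against a clock-skew window and keeps a replay cache, which this sketch omits.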

QUESTION 7
A confidential number used as an authentication factor to verify a user’s identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
Correct Answer: A
Explanation/Reference:
PIN stands for Personal Identification Number; as the name states, it is a combination of numbers.
The following answers are incorrect:
User ID. This is incorrect because a User ID is not required to be a number, and a User ID is only used to establish identity, not to verify it.
Password. This is incorrect because a password is not required to be a number; it could be any combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number; it could be anything.

QUESTION 8
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
Correct Answer: B
Explanation/Reference:
Accountability would not include policies & procedures because, while important in an effective security program, they cannot be used in determining accountability.
The following answers are incorrect:
Unique identifiers. This is incorrect because accountability would include unique identifiers so that you can identify the individual.
Access rules. This is incorrect because accountability would include access rules to define access violations.
Audit trails. This is incorrect because accountability would include audit trails to be able to trace violations or attempted violations.

QUESTION 9
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
Correct Answer: A
Explanation/Reference:
This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should be performed by the system administrators. AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. This is incorrect because programmers should not be permitted to use the system console; this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur, so this is not an example of Separation of Duties.
Console operators are permitted to mount tapes and disks. This is incorrect because operators should be able to mount tapes and disks, so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. This is incorrect because operators should be able to use the system console, so this is not an example of Separation of Duties.
References:
OIG CBK Access Control (page 98 – 101)
AIOv3 Access Control (page 182)

QUESTION 10
An access control policy for a bank teller is an example of the implementation of which of the following?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
Correct Answer: D
Explanation/Reference:
The position of a bank teller is a specific role within the bank, so you would implement a role-based policy.
The following answers are incorrect:
Rule-based policy. This is incorrect because it is based on rules and not on the role of a bank teller, so it would not be applicable for a specific role within an organization.
Identity-based policy. This is incorrect because it is based on the identity of an individual and not on the role of a bank teller, so it would not be applicable for a specific role within an organization.
User-based policy. This is incorrect because it would be based on the user and not on the role of a bank teller, so it would not be applicable for a specific role within an organization.

QUESTION 11
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.
Correct Answer: A
Explanation/Reference:
Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next. Many providers will assign a new IP address every time the device is restarted. For example, consider an insurance adjuster using a laptop to file claims online: he goes to a different client each time, and the address changes every time he connects to the ISP.
NOTE FROM CLEMENT:
The term MOBILE in this case is synonymous with road warriors, where a user is constantly traveling and changing location. With smartphones today that may not be an issue, but it would be an issue for laptops or WiFi tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices, but in some cases this issue could affect cellular devices as well.
The following answers are incorrect:
Mechanism with reusable passwords. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals.
One-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a clock and not on the IP address of the user.
Challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users.

QUESTION 12
Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.
Correct Answer: D
Explanation/Reference:
Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this includes how you are going to authenticate individuals that may access your network externally.
The following answers are incorrect:
Plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access.
Plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access; it just protects the modem.
Plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary concern should be focused on security.
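Questions 4, 8, 9 and 10 above describe one small piece of machinery from four angles: permissions hang off a role rather than an individual (question 10), a critical task such as changing the system time is split so that one person cannot do it alone (question 9), and every decision is attributable through unique identifiers, access rules and an audit trail (questions 4 and 8). The Python below is an added example, not code from the original page or from the exam vendor, that puts those pieces together; the roles, permissions, user identifiers and the mutually exclusive role pairs are all constructed for the demo.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Access rules: role -> permitted operations. No individual is named here; a person
# gains or loses access only by being assigned to or removed from a role (constructed).
ROLE_PERMISSIONS = {
    "teller": {"deposit", "withdraw", "view_balance"},
    "branch_manager": {"view_balance", "approve_large_withdrawal"},
    "operator": {"mount_tape", "use_console"},
    "sysadmin": {"set_system_time", "use_console"},
}

# Static separation of duties: role pairs one identity may never hold together
# (constructed). Operators may not also be sysadmins, so they can never set the clock.
MUTUALLY_EXCLUSIVE = {
    frozenset({"teller", "branch_manager"}),
    frozenset({"operator", "sysadmin"}),
}


@dataclass
class AuditEvent:
    timestamp: str
    user_id: str   # unique identifier: the event is attributable to exactly one person
    action: str
    decision: str  # "ALLOW" or "DENY"


@dataclass
class AccessControl:
    assignments: dict = field(default_factory=dict)  # user_id -> set of role names
    audit_trail: list = field(default_factory=list)

    def assign_role(self, user_id: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        held = self.assignments.get(user_id, set())
        for other in held:
            if frozenset({other, role}) in MUTUALLY_EXCLUSIVE:
                raise ValueError(f"{user_id} may not hold {role!r} together with {other!r}")
        self.assignments[user_id] = held | {role}

    def _record(self, user_id: str, action: str, allowed: bool) -> bool:
        # Every decision, allowed or denied, lands in the trail under the user's identifier.
        self.audit_trail.append(AuditEvent(
            timestamp=datetime.now(timezone.utc).isoformat(),
            user_id=user_id, action=action, decision="ALLOW" if allowed else "DENY"))
        return allowed

    def check(self, user_id: str, action: str) -> bool:
        """Role-based decision: allowed iff some role held by user_id grants the action."""
        roles = self.assignments.get(user_id, set())
        return self._record(user_id, action, any(action in ROLE_PERMISSIONS[r] for r in roles))

    def large_withdrawal(self, teller_id: str, approver_id: str) -> bool:
        """Dynamic separation of duties: the approver must be a different person,
        and each party is checked against their own role."""
        if teller_id == approver_id:
            return self._record(teller_id, "approve_large_withdrawal", False)
        return self.check(teller_id, "withdraw") and self.check(approver_id, "approve_large_withdrawal")

    def who_did(self, action: str) -> list:
        """Accountability: reconstruct from the trail which identities performed an action."""
        return [e.user_id for e in self.audit_trail if e.action == action and e.decision == "ALLOW"]


def build_demo() -> AccessControl:
    """Constructed population: one teller, one manager, one operator, one sysadmin."""
    ac = AccessControl()
    ac.assign_role("t1001", "teller")
    ac.assign_role("m1500", "branch_manager")
    ac.assign_role("op2002", "operator")
    ac.assign_role("sa3003", "sysadmin")
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print("teller withdraws:", ac.check("t1001", "withdraw"))
    print("operator sets clock:", ac.check("op2002", "set_system_time"))
    print("sysadmin sets clock:", ac.check("sa3003", "set_system_time"))
    print("large withdrawal, teller + manager:", ac.large_withdrawal("t1001", "m1500"))
    print("large withdrawal, teller alone:", ac.large_withdrawal("t1001", "t1001"))
    print("clock changed by:", ac.who_did("set_system_time"))
```

The point of the two SoD checks is that the teller's permissions never mention a person: moving a teller to the manager role is a role assignment, and the static rule refuses to let one identifier hold both. The denied attempts stay in the trail alongside the allowed ones, which is what lets an investigator later answer "who changed the system time" from the log alone.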

Pass4itsure publishes the ISC CISSP dumps version of its reliable online practice exam VCE, which is nearly 98% similar to the real test. “Certified Information Systems Security Professional”, also known as the CISSP exam, is an ISC certification which covers all the knowledge points of the real ISC exam. Pass4itsure Cisco CISSP dumps exam questions and answers are updated (2629 Q&As) and verified by experts. The associated certification of the CISSP dumps is ISC. It not only provides you with valid https://www.pass4itsure.com/cissp.html dumps questions and answers but also simulates a scene like the real test.